
Q: server security

A: There is no protection against HTTP GET DoS. The ban check runs early in the CGI, and writes happen only after a successful login. Allow filesystem access to the web server user. Mark files inside app/ read-only.

Use filesystem directories to manage access and permissions.

Exception 1: write app/var/lock/ban.cdb

Exception 2: allow search via CGI.
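
One way to check the read-only rule and Exception 1 on a deployed tree. This is an added example, not code from the project: the function name `audit_app_writable` is hypothetical, and it assumes that `var/lock/` and `var/lock/ban.cdb` are the only paths under app/ allowed to keep a write bit.

```shell
#!/bin/sh
# Added example: list every file or directory under an app/ tree that still
# carries a write bit, apart from the ban database named in Exception 1.
# Assumption: var/lock/ itself is also allowed, because cdb files are commonly
# rebuilt into a temporary file and renamed into place.
#
# Usage: audit_app_writable /path/to/app
# Prints offending paths relative to the app root, one per line; prints
# nothing when the tree matches the policy.

audit_app_writable() {
    root=${1%/}
    # Report a path if owner, group or other has write permission on it.
    find "$root" \( -type f -o -type d \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
    while IFS= read -r path; do
        case "$path" in
            "$root/var/lock"|"$root/var/lock/ban.cdb")
                ;;                                  # allowed by Exception 1
            "$root")
                printf '%s\n' "." ;;                # the app root itself
            *)
                printf '%s\n' "${path#"$root"/}" ;; # anything else is a finding
        esac
    done | sort
}
```

Only mode bits are inspected; ownership and ACLs for the web server user need a separate check.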
